Security Audit
launch_darkly-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
launch_darkly-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH, Unpinned 'rube' dependency in manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Arbitrary Code Execution via RUBE_REMOTE_WORKBENCH. The skill instructs the LLM to use `RUBE_REMOTE_WORKBENCH` for 'bulk operations or data processing' and explicitly mentions calling `run_composio_tool()` in a loop with `ThreadPoolExecutor` for parallel execution. The mention of `ThreadPoolExecutor` strongly suggests that `RUBE_REMOTE_WORKBENCH` can execute arbitrary Python code provided by the LLM. If an attacker can prompt the LLM to pass malicious code to `RUBE_REMOTE_WORKBENCH`, it could lead to arbitrary command execution within the Rube MCP environment, granting excessive permissions and potentially compromising the host system or exfiltrating data. Recommendation: clarify the exact capabilities and input schema of `RUBE_REMOTE_WORKBENCH`. If it allows arbitrary code, restrict its use or provide a safer, sandboxed execution environment. If it is intended for internal Rube logic, ensure the LLM cannot inject arbitrary code into it. | LLM | SKILL.md:60 |
| HIGH | Unpinned 'rube' dependency in manifest. The skill's manifest specifies a dependency on `mcp: ["rube"]` without a version constraint. This means that any version of the 'rube' MCP could be pulled, including potentially malicious or vulnerable future versions. This exposes the skill to supply chain attacks if a compromised version of 'rube' is published. Recommendation: pin the 'rube' dependency to a specific, known-good version (e.g., `mcp: ["rube==1.2.3"]`) or at least a major/minor version range (e.g., `mcp: ["rube>=1.0,<2.0"]`) to mitigate risks from future malicious or vulnerable updates. | LLM | SKILL.md |
Full report: https://skillshield.io/report/ba70dc8f71e30845
Powered by SkillShield